Vulnerability in EPiServer.Forms
Hi, I tried to change the Name of the website in the configuration tab in the admin section but I get the following error when the text contains a Swedish character (å, ä, ö):
"The value for the property 'siteDisplayName' is not valid. The error is: The string must be either an empty string or any combination of alphanumericals, dots (.), dashes (-) and spaces up to 256 characters long, e.g. 'site.com' or 'My Site-2'."
EPiServer does not currently support IDN (Internationalized Domain Names) or IRI:s (Internationalized Resource Identifiers).
RegardsLinus EkströmEPiServer Development Team
Thanks for the reply. Is there anyway to come around this problem. I was thinking if you can modify the code so that instead of using the Website's Name from the Admin section to use a variable stored in another place e.g. in the web.config or startpage, and display that value instead of the default one.
Is it the site name or URL that you are trying to set? I have tried setting the site name to non-ascii characters in both CMS 6 and CMS 6 R2 and it works fine. The URL though, is restricted to characters within the URL schema.
It is the site name I am trying to set. I am using CMS 5 R2 but get the error message previously mentioned. Is this limited to CMS 6?
I have also run into this problem. Setting the site display name in admin/config/system settings or in siteSettings[@siteDisplayName] in the config file doesn't work for åäö chars. Is that by design?
Edit: Version is CMS 6 R1
Ok, I got a bit confused here. I though you meant the site information settings (also under admin->config tab). I tried the config->site name setting on my CMS 6 R2 installation and it still prevents non ascii-characters. On the question if it's by design I would say yes, on the question if it's by good design: mayby. I have not looked into that setting enough to knowif there is a reason to limit the value of that field that much but I'll look into it more tomorrow.
The siteDisplayName is used in the <title> of the CMS edit/admin mode so I also used in the title of the templates. Then the client wanted to change it and I showed them how to, but they wanted a Swedish name which didn't work. That was of course easy to work around by storing a different string elsewhere and use that in the templates, while the client accepted that the admin/edit mode title had to be different. So no big problem, it was just that both the client and me were surprised that we were seemingly the first people to run into this issue or the "bug" would have been reported and solved long ago.
I have done a quick investigation of the use of this setting and I think that it's reasonable to allow more characters and have added a bug report for this.
Good to hear is on the bug report now.
Any news on this one?
The bug has been registered and fixed:
Bug #64259: SiteDisplayName should allow a broader range of characters
You see it in the public bug list.
Should work in the EPiServer 7 preview release it you want to verify it.
I can confirm that it works in EPiServer 7.0.449.1 with swedish characters.